Configuring Firefox to allow silent authentication

To enable silent authentication for users logging in to the Privileged Access ServiceAdmin Portal, you must import the tenant root CA to the browser and do one of the following in the users’ browser:

  • If you did not change the connector host name to a fully qualified domain name (by default it is not), you set the network.negotiate-auth.allow-non-fqdn Preference Name to true.

    Note:   By default, the host name used by Privileged Access Service uses the format of
    http://hostname, where hostname is the host name of the connector.

  • If you did change the connector host name to a fully qualified domain name, you need to add the fully qualified domain names for the connector host computers to the network.negotiate-auth.trusted-uris Preference Name.

    You can add the fully qualified domain names as a —for example, mycompany.com (do not enter a character)—or list each one individually. Listing them individually is more secure. However, you must remember to add the fully qualified domain name every time you add a new connector host.